Cisco Cisco Firepower Management Center 4000

Page of 1844
 
2-3
FireSIGHT System User Guide
 
Chapter 2      Logging into the FireSIGHT System
  Logging into the Appliance to Set Up an Account
The menus and menu options listed at the top of the page are based on the privileges for your user 
account. However, the links on the default home page include options that span the range of user account 
privileges. If you click a link that requires different privileges from those granted to your account, the 
following warning message is displayed:
You are attempting to view an unauthorized page. This activity has been logged.
You can either select a different option from the available menus or click 
Back
 in your browser window.
To log into a Series 3, virtual, or ASA FirePOWER device via the command line:
Access: 
CLI Basic Configuration
Step 1
For Series 3 and virtual devices, open an SSH connection to the appliance at 
hostname
, where 
hostname
 
corresponds to the host name of the appliance. For ASA FirePOWER devices, open the SSH connection 
to the ASA FirePOWER module at the management address.
The 
login as:
 command prompt appears.
Step 2
Type your user name and press Enter. 
The 
Password:
 prompt appears.
Step 3
Type your password and press Enter.
If your organization uses SecurID® tokens when logging in, append the token to your SecurID PIN and 
use that as your password to log in. For example, if your PIN is 
1111
 and the SecurID token is 
222222
type 
1111222222
. You must have already generated your SecurID PIN before you can log into the 
FireSIGHT System.
The login banner appears, followed by the 
>
 prompt.
You can use any of the commands allowed by your level of command line access. See the 
 for more information on available CLI commands.
Logging into the Appliance to Set Up an Account
License: 
Any
Some user accounts may be authenticated through an external authentication server. If your organization 
allows you to log on to the FireSIGHT System using LDAP or RADIUS credentials, the first time you 
log into the appliance using your external user credentials, the appliance associates those credentials 
with a set of permissions by creating a local user record. The permissions for that local user record can 
then be modified, unless they are granted through group or list membership, as follows:
  •
If the default role for externally authenticated user accounts is set to a specific access role, you can 
log into the appliance using your external account credentials without any additional configuration 
by the system administrator. 
  •
If an account is externally authenticated and by default receives no access privileges, you can log in 
but cannot access any functionality. You (or your system administrator) can then change the 
permissions to grant the appropriate access to user functionality.
If you are a shell access user, the system does not create a local user account for you on the appliance. 
Shell access is controlled entirely through either the shell access filter or PAM login attribute set for an 
LDAP server, or the shell access list on a RADIUS server.